Language Selection

English French German Italian Portuguese Spanish

Microsoft, Linux vendors slow to fix flaw

Filed under
Security

Colin Percival detailed the vulnerability -- which affects versions of Intel's CPU that use a technology called hyper-threading -- at a conference on May 13.

The vulnerability could allow hackers to steal sensitive information such as passwords on servers configured to allow multiple users to login simultaneously.

The FreeBSD security team member has received formal responses to the issue from the makers of the BSD family of open-source operating systems, as well as SCO and Ubuntu Linux. However, Linux vendors Red Hat, Novell and Mandriva as well as Microsoft have been slow to act.

"Given that I reported this problem in early March, I really think that they [Microsoft and Linux vendors] should have had a patch over a month ago -- in time to test it extensively before releasing it on May 13th," Percival told ZDNet Australia .

"I made it quite clear to everyone that I would be releasing my paper on that date and that they should make sure they were ready by then," he added.

Although the problem only affects multi-user servers, these machines are widely used. "The most obvious example is shared Web servers, which constitutes the vast majority of small e-commerce sites," he said. "On these systems the flaw is very serious."

Full Story.

More in Tux Machines

OpenMediaVault 1.0, a Complete Free NAS Solution You Didn't Know You Needed

As you can expect, there are a ton of free NAS (network attached storage) projects and solutions on Linux (and beyond), but there is always room for one more. OpenMediaVault packs quite a few features and users will most likely find all the options that they will ever need. The OpenMediaVault might have a round and neat version number, but the project has been around for a few years now and it's made by Volker Theile, a former member of FreeNAS, which is another very famous NAS solution. Read more

How Matt's Machine Works

And that is how Mullenweg, creator of WordPress, founder of Automattic, and chairman of The WordPress Foundation, runs 22% of the Internet. Read more

Open-source project promises easy-to-use encryption for email, instant messaging and more

Called "Pretty Easy Privacy" (PEP), the project's goal is to integrate the technology with existing communication tools on different desktop and mobile platforms. The development team launched a preview PEP implementation Monday for the Microsoft Outlook email client, but plans to build similar products to encrypt communications in Android, iOS, Firefox OS, Thunderbird, Apple Mail, Jabber, IRC (Internet Relay Chat), WhatsApp, Facebook Messenger, Snapchat and Twitter. Read more

Samsung Open Source Group’s Linux Kernel Updates and More from LinuxCon

This year's LinuxCon & Kernel Summit North America were notable for several reasons, not the least of which included being able to see the scenic views of downtown Chicago through the hotel lobby windows! Below, the Samsung Open Source Group will share our top highlights of the conferences, as well as look forward to what we can expect from LinuxCon Europe next month in Germany. Read more